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What Is Claimed Is: 

1 . A method of generating and managing shared keys for a plurality 
of members of a cluster, comprising the steps of 

(a) system initialization to produce a functionally generated 

5 initial shared key; 

(b) functional generation of a next shared key; and 

(c) key recovery in the event of either compromise or failure 

of a node. 

2. The method of claim 1 , wherein step (a) comprises the steps of: 
10 (i) generating a random initial one-time pad a l 2 for each 

member; 

(ii) calculating an initial binding parameter 0, based on each 
a x „ where 0, = tx M ® a 2A ©---© a nA wherein <§> is a commutative operator; and 

(iii) sending 0, and cc u to each member L 

j 5 3. The method of claim 2, wherein step (iii) comprises the step of 

encrypting 0 t and oc u in the form 



{{7- s „, /,!.«,,},., } 



for transmission to each member i, where 

T SM is a timestamp generated by a security manager (SM), 
20 I is an indicator of an initialization mode, 

1 denotes the first interaction of key generation, 
K~* is an encryption operation using a private component of a 
private/public key pair of the security manager, and 
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K t indicates encryption using a public component of a 
private/public bey pair of member /. 

4. The method of claim 1, wherein step (a) comprises the steps of: 



(i) generation, by a member 1 , of random quantities y and v, ,; 

(ii) calculation by the member 1, of Y® v u=8i> wherein © is a 



(iii) sending, by the number 1, of 6 2 to a member 2; 

(i v) receipt, by a member i , of 8 ; . x from a preceding member i- 1 ; 

(v) generation, by member /, of random quantity v iU ; 

(vi) calculation, by member z, of S M ® v M =6 ( ; 

(vii) sending, by member i, of S, to a member i+1 ; 

(viii) sending, by a last member n, of 5 n to member 1 ; 

(ix) calculation, by member 1, of y®6 n -d { ; 

(x) sending, by member 1, of 0, to each member; 

(xi) calculation, by each member, of 0,®v u = a i V 



5. The method of claim 4, wherein step iii) comprises the step of 
encrypting 5 X in the form 

Hr,, 7,1,5,} \ for transmission to member 2, 



step (vi) comprises the step of encrypting 6, in the form 



step (vii) comprises the step of encrypting 6„ in the form 



commutative operator; 





for transmission to member 




for transmission to member 1, and 
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step (ix) comprises the step of encrypting 0 y in the form 
|{r, , / ,1,0, | for transmission to member i. 

6. The method of claim 1, wherein step (b) comprises the steps of: 

(i) generation, by each member /, of a cryptographically secure 
5 random number, Fk u , where j denotes the key generation iteration; 

(ii) calculation, by each member /, of HFK (J = a i} © FK U , where 
® is a commutative operator; 

(iii) sending, by each member z, of HFK (J to each other 

member; 

10 (iv) calculation, by each member /, of 

0 >+1 = kd } ® HFKy y ® HFK 2 ■ ® HFK n j 

where X is a scaling factor and n is the number of members in the 

cluster; 

(v) calculation, by each member /, of 
15 oc /j+1 = 0 y>/ ® FK iy 

(vi) calculation, by each member i, of a shared key 
SK, +I = f(9 >+1 ) 

where f is a strong one way function, to form a fractionally 
generated next shared key. 

20 7. The method of claim 6, wherein the step (iii) comprises the step of 

encrypting HFK U in the form 

jj^ , G , 7, HFK i ; _ ( | for transmission to each other 



member m. 



8. The method of claim 6, wherein 
25 step (i) comprises the steps of: 
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(A) random selection, by each member i, of a number FK ( j , 
where 0< FK~] <p-2, wherein p is a large odd prime number, such thatp-1 has 

large prime factors; and 

(B) calculation, by each member /, of 

step (ii) comprises the step of calculation, by each member i, of 
HFK U = (oe 0 + FKij) mod/?; 

step (iii) comprises the step of encrypting, by each member i, of 
HFK tJ in the form 

for transmission to each other member m; 

step iv) comprises the step of calculating, by each member i, of 

0. +l = ((p-n-3) 0,- + HFK U ) mod(p-l) 

= GK jl } ; and 

step (v) comprises the step of calculation, by each member z, of 
a Kj+l =(GKjl 1 + FK-)) mod p. 

9. The method of claim 1, wherein step c) comprises the steps of: 

(i) sending, by a recovery initiator RI, of the hidden fractional 
key of a failed node F, HFK f . , to a newly elected member /,wherey represents 

the iteration in which node / failed; 

(ii) sending, by RI, of SKj to member f ; 
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(iii) performing a distributed initialization process, so that each 
member / receives a binding parameter £ and a random pad f3 tJ \ 

(iv) calculation, by each member /, of HFK U = fi u 0 FK lp 
where 0 is a commutative operator; 

(v) sending, by each member Z, of HFK U to member r, 

(vi) calculation, by number /, of 

FK T j = X 5 0 HFKjj © - ® HFK n . } j ® 6 ;+/ , where @ is a 

commutative operator; and 

(vii) calculation, by member z, of 
a riJ =HFK fJ@ FK rj 

10. The method of claim 9, wherein 

step (i) comprises the step of encrypting HFK r y in the form 

\\T r1 ,R, j,HFK r j\ ( [ for transmission to member /, where R indicates 

recovery mode; 

step (ii) comprises the step of encrypting SKj in the form 




for transmission to member z; and 



step (v) comprises the step of encrypting HFK lk in the form 
{{T l .R,J.HFK IJ } ir ) 



11. The method of claim 2, further comprising the step of 

(d) verifying that each of initial pad a u has contributed to the 
calculation of 8,, performed after step (a). 
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12. The method of claim 11, wherein step (d) comprises the steps of: 

(i) selection, by a predetermined member of the cluster, of a 

large prime q\ 

(ii) distribution of q to all members; 

(iii) selection, by the predetermined member, of a generator g 
of the multiplicative group under q\ 

(iv) distribution of g to all members; 

(v) selection by each member z, of a random polynomial f { 
having a value of zero at the origin; 

(vi) calculation, by each member z\ of a i j = g a, ' +,+/f ; 

(vii) sending, by each member z, of d i { to all other members; 

(viii) calculation, by each member z, of 

g 6, = J][ j:"d- j = ' =1 fi , evaluated at the origin; 

(ix) determination, by each member i, of whether g 1 =g 1 , 

evaluated at the origin; and 

(x) determination, by each member z, of whether 

g = 



n 



;=l 8 



13. The method of claim 4, further comprising the step of: 

(e) verifying that each initial pad <x 0 has contributed to the 
calculation of 0,, performed after step (a). 



14. The method of claim 12, wherein step (e) comprises the steps of: 
(i) selection, by a predetermined member of the cluster, of a 

large prime q, 
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(ii) distribution of q to all members; 

(iii) selection, by the predetermined member, of a generator g 
of the multiplicative group under q\ 

(iv) distribution of g to all members; 

(v) calculation, by member 1, of g y and g v,! ; 

(vi) making g y and g v " available to all members; 

(vii) calculation, by each member i, of g V,A ; 

(viii) publication, by each member/, of g v ' 1 for other members 

of the cluster only; 

(ix) determination, by each member i, of whether 



15. A system for generating and managing shared keys for a plurality 
of members of a cluster, comprising 

initialization means for performing system initialization to produce 
a fractionally generated initial shared key; 

fractional generation means for fractional generation of a next 

shared key; and 

recovery means for performing key recovery in the event of either 
compromise or failure of a node. 

16. A computer program product comprising a computer usable 
medium having computer readable program code that executes on a computer that 
participates in the generation and management of shared keys for a plurality of 
members of a cluster, said computer readable program code comprising: 
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(a) first computer readable program code logic for causing the 
computer to participate in system initialization, wherein the initialization produces 
a fractionally generated initial shared key; 

(b) second computer readable program code logic for causing 
the computer to participate in the fractional generation of a next shared key; and 

(c) third computer readable program code logic for causing the 
computer to participate in key recovery in the event of either compromise of 
failure of a node. 



